Honeywell ALERTON VAVi-7u5-IP Security Manual
  1. Manuals
  2. Brands
  3. Honeywell Manuals
  4. Controller
  5. ALERTON VAVi-7u5-IP
  6. Security manual
Honeywell ALERTON VAVi-7u5-IP Security Manual

Honeywell ALERTON VAVi-7u5-IP Security Manual

Vav and unitary controllers
Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
VAV and Unitary Controllers
DISCLAIMER ................................................................................................................................................................................................. 2
INTRODUCTION........................................................................................................................................................................................... 3
Related Security documents...................................................................................................................................................................................... 3
SYSTEM DELIVERY ..................................................................................................................................................................................... 4
Documentation contains security information.................................................................................................................................................. 4
Ensure device packaging is in good state ............................................................................................................................................................ 4
SYSTEM OVERVIEW.................................................................................................................................................................................... 5
PLANNING AND INSTALLATION ............................................................................................................................................................ 7
Physical equipment....................................................................................................................................................................................................... 7
Compass Planning and Installation ....................................................................................................................................................................... 7
Connect Communications Bus and Microset (VAV and Unitary Controllers)........................................................................................ 7
Recommended VAV and Unitary Controller Installation Configuration................................................................................................... 8
Documentation ............................................................................................................................................................................................................... 9
CONFIGURING A VAV OR UNITARY CONTROLLERS ......................................................................................................................... 10
Control traffic from other subnets .......................................................................................................................................................................... 10
Create and maintain a baseline of Controller Configurations ..................................................................................................................... 10
Change Default Passwords ........................................................................................................................................................................................ 10
BLE Password Configuration .................................................................................................................................................................................... 10
Compass Configurations ............................................................................................................................................................................................ 11
About Microset Field Service Mode ........................................................................................................................................................................ 11
Considerations for the BAS firewall ........................................................................................................................................................................ 12
SECURITY RECOMMENDATIONS FOR USE OF A VAV AND UNITARY.......................................................................................... 13
Monitor physical access controls ............................................................................................................................................................................ 13
Monitor Paired BLE Mobile Device ......................................................................................................................................................................... 13
Monitor network access controls............................................................................................................................................................................. 13
Monitor Compass control access ............................................................................................................................................................................ 13
About DDC Logic considerations and disclaimer ............................................................................................................................................. 13
SECURITY RECOMMENDATIONS FOR MAINTENANCE OF THE VAV AND UNITARY.............................................................. 14
Compass Workstation Maintenance ...................................................................................................................................................................... 14
Update to latest ROC .................................................................................................................................................................................................... 14
Updating the ROC in Device Manager (VAV and Unitary).............................................................................................................................. 14
SECURITY RECOMMENDATIONS FOR DECOMISSIONING OF THE VAV AND UNITARY ....................................................... 15
Reset Alerton VAV and Unitary to factory defaults............................................................................................................................................ 15
INSTALLATION SECURITY CHECKLIST ................................................................................................................................................ 16
Complete the following security tasks for each installed Controller......................................................................................................... 16
Train end users on documented security maintenance tasks ..................................................................................................................... 16
® U.S. Registered Trademark
Copyright © 2024 Honeywell Inc. • All Rights Reserved
SECURITY GUIDE
31-00529-01

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the ALERTON VAVi-7u5-IP and is the answer not in the manual?

Questions and answers

Related Manuals for Honeywell ALERTON VAVi-7u5-IP

Summary of Contents for Honeywell ALERTON VAVi-7u5-IP

  • Page 1: Table Of Contents

    Reset Alerton VAV and Unitary to factory defaults............................15 INSTALLATION SECURITY CHECKLIST ..............................16 Complete the following security tasks for each installed Controller......................16 Train end users on documented security maintenance tasks ........................16 31-00529-01 ® U.S. Registered Trademark Copyright © 2024 Honeywell Inc. • All Rights Reserved...

  • Page 2: Disclaimer

    VAV and Unitary Controller - Security Guide DISCLAIMER While we have engaged in efforts to assure the accuracy of this document, Alerton is not responsible for any damages, including consequential damages arising from the application or use of the information contained herein. The information and specifications published here are current at the time of publication and are subject to change without notice.

  • Page 3: Introduction

    VAV and Unitary Controller - Security Guide INTRODUCTION This guide contains information on the safe installation and configuration of Alerton VAV and Unitary controllers and safety-related information on operation, maintenance, and decommissioning. (Models: VAVi-7u5-IP, VAVi-7u5-IP-BLE, VAVi-0-IP, VLC8u8-IP, VLC8u8-IP-BLE, VLC16u8-IP and VLC16u8-IP-BLE).

  • Page 4: System Delivery

    VAV and Unitary Controller - Security Guide SYSTEM DELIVERY This section includes activities needed when the Building Management System (BAS) is delivered to the system owner. Documentation contains security information The documentation package delivered with your system should include the following: •...

  • Page 5: System Overview

    VAV and Unitary Controller - Security Guide SYSTEM OVERVIEW Web Browser SQL Server (optional) Internet/Intranet/Corporate Network BAS Firewall Niagara Integration Niagara Integration Services (optional) Services (optional) Compass (2.2 or later version) Compass (2.2 or later version) Primary workstation workstation (Optional) Building Automation System (BAS)
  • Page 6 VAV and Unitary Controller - Security Guide Compass Primary Workstation: The Compass primary workstation is a computer running software. It requires two network connections: one to the management web user interface through a web browser (usually on the Internet/intranet/corporate network) and another to the BAS network. Web Browser: Compass software provides a web-based management interface that can be accessed through a web browser without a connection to the Internet.

  • Page 7: Planning And Installation

    VAV and Unitary Controller - Security Guide PLANNING AND INSTALLATION This section includes information for planning and performing a VAV and Unitary controller installation. Physical equipment When planning a system installation, it is essential to discuss the physical security of VAV and Unitary controllers with your customer.

  • Page 8: Recommended Vav And Unitary Controller Installation Configuration

    VAV and Unitary Controller - Security Guide Recommended VAV and Unitary Controller Installation Configuration The following section illustrates the recommended VAV and Unitary installation configuration. Note that the VAV and Unitary have a two-port Ethernet switch. The diagram below (Figure 2) uses the switch functionality to daisy-chain multiple VAV and Unitary controllers.

  • Page 9: Documentation

    VAV and Unitary Controller - Security Guide Documentation Documentation is essential in capturing design and configuring information required to maintain a secure system. Document physical devices and configurations, including key security-related information. All documentation on devices and configurations must include security-related information to establish and maintain the intended security controls.

  • Page 10: Configuring A Vav Or Unitary Controllers

    VAV and Unitary Controller - Security Guide CONFIGURING A VAV OR UNITARY CONTROLLERS This section contains information for configuring a VAV and Unitary Controllers. Control traffic from other subnets It is recommended that traffic to/from other subnets be permanently disabled. For security reasons, traffic to/from other subnets is disabled by default, preventing devices from other subnets from reaching this device.

  • Page 11: Compass Configurations

    VAV and Unitary Controller - Security Guide Changing the backup and Restore/Restart/Control Passwords To change the backup or restore/restart/control passwords, use Compass to edit the VAV and Unitary configuration. Fig. 4 BACnet Configuration ® One password specifically for BACnet Backup and another password for Restore/Restart/Control. Both passwords are stored as hashed values in the DCF.

  • Page 12: Considerations For The Bas Firewall

    VAV and Unitary Controller - Security Guide Considerations for the BAS firewall These next considerations assume that the installation process has followed the network recommended configuration guidelines stated Fig. 2, located in the “Recommended VAV and VLC Installation Configuration” section, in which we are using a firewall to isolate the BAS network from the internet or the corporate network. Important points regarding UDP port.

  • Page 13: Security Recommendations For Use Of A Vav And Unitary

    VAV and Unitary Controller - Security Guide SECURITY RECOMMENDATIONS FOR USE OF A VAV AND UNITARY Monitor physical access controls. Monitor the physical access control of the VAV and Unitary, such as monitoring the room where they are installed, installing a sensor on the cabinet, or instituting a process for checking out the key to the cabinet where they are mounted.

  • Page 14: Security Recommendations For Maintenance Of The Vav And Unitary

    VAV and Unitary Controller - Security Guide SECURITY RECOMMENDATIONS FOR MAINTENANCE OF THE VAV AND UNITARY Compass Workstation Maintenance Ensure Compass Workstation runs up-to-date virus software and complies with corporate PC security standards. It should also have the last Compass version available, which could include solutions to already-found vulnerabilities and updated third-party libraries;...

  • Page 15: Security Recommendations For Decomissioning Of The Vav And Unitary

    VAV and Unitary Controller - Security Guide Fig. 5 Send Data from Disk to Device(s) SECURITY RECOMMENDATIONS FOR DECOMISSIONING OF THE VAV AND UNITARY This section contains information for decommissioning an Alerton VAV and Unitary. Reset Alerton VAV and Unitary to factory defaults. Resetting the Alerton VAV/VLC to factory defaults will erase all data stored in its configuration.

  • Page 16: Installation Security Checklist

    • User should be conscious of the right measures to safeguard files mentioned on Documentation section. Documents should be delivered along the system, but end user can always find these an other documents on https://buildings.honeywell.com ALERTON 715 Peachtree Street NE Atlanta, Georgia 30308 31-00529-01 I Rev. 11-24 www.alerton.com ©2024 Honeywell International Inc.

This manual is also suitable for:

Alerton vavi-7u5-ip-bleAlerton vavi-0-ipAlerton vlc8u8-ipAlerton vlc8u8-ip-bleAlerton vlc16u8-ipAlerton vlc16u8-ip-ble

Table of Contents